Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Pounders, Chris --- "Europe's Telecommunications Privacy Directive" [1996] PrivLawPRpr 63; (1996) 3(7) Privacy Law & Policy Reporter 132

EUROPE'S TELECOMMUNICATIONS PRIVACY DIRECTIVE

Its objective is to augment the main Data Protection Directive (EU 95/46/EC) with specific provisions to protect the privacy of those individuals who use information services via a public telecommunications network. Member states are expected to implement this new Directive so that it comes into effect at the same time as the main Directive (that is, by 23 October 1998).

From a privacy perspective, the main features the new directive include:

• Specific rules for the publication of directories of subscribers. Directories, for instance, must contain the minimum necessary detail to identify a subscriber (that is, in many cases, therefore, the complete address will not automatically be published). However, such additional details can be published if the consent of the subscriber is obtained. Directories should not reveal the sex of the subscriber (if this is possible linguistically), and the use of a subscriber's details from the directory for marketing purposes would require the consent of the subscriber. Becoming an ex-directory subscriber must be free of charge.
• A requirement for subscribers to be able to block Calling Line Identification (CLI) free of charge, either on a per call basis or a per line basis. Many European data protection authorities have already resolved this issue within the ambit of current national legislation. For instance, the Irish Data Protection Commissioner has indicated where a subscriber is already ex-directory, the default status for CLI should be assumed to be blocked. In the UK, the data protection registrar decided that the default could be assumed to be unblocked, with the result that many ex-directory numbers might have been compromised unwittingly.
• Traffic data will need to be anonymised as soon as possible. In addition, specific security procedures will be required with respect to the details stored in relation to itemised billing (for example, details to be destroyed after a specified period). However, there are exceptions to the rule (for example for crime prevention and national security purposes).
• An obligation placed on member states to enact legislation which ensures the confidentiality of telecommunications. Service providers will be expected to `have regard for the state of the art' with respect to security of such communications. Where there is `a particular risk of a breach of security of the network, the provider of a publicly available telecommunications service must inform subscribers concerning such risk and any possible remedies, including the costs involved'.

Many controversial issues (for example, telephone tapping) cannot be addressed by this Directive since EU Directives cannot relate to policing or national security matters. Member states are thus left to determine the conditions under which telecommunications data can be used by, or disclosed to, such agencies.

Related matters

The Irish Data Protection Commissioner has told the telecommunications companies in Eire that if a subscriber is ex-directory they must start from the assumption that CLI is blocked on a per line basis. In the UK, this was not the case. Those who were ex-directory had default of CLI to be displayed (many to this day are unaware of this).

Chris Pounder, Editor, Data Protection News, e-mail dp.news@capgemini.co.uk)